Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 41646ab8ae757e90…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: daf3cc2c551c53392fd702a04888d41f
SHA-1: afc6606a4abd1626618149026cb277cbbafb535e
SHA-256: 41646ab8ae757e90e09a72d734af88d44b39d74e9485cc215412d063895530ca
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot downloader. The document's metadata indicates it was created in 2006, which is unusually old for modern Qbot variants, but the detection name is specific. No further IOCs or scripts were extracted for detailed analysis.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0